Although I understand where you're coming from, this is a gaming website, there is little to no likelyhood that someone is going to try to steal your password to it. There just really isn't any point. On the point of transactions on the website, you will notice that when you try and pay, it redirects to https for security reasons during the transaction.

high score : 229402:59:29 ‹Khan22› wouldn't you love to have like 5 or 6 girls all giving you attention?10/11/2010 02:59:39 ‹TheForgivenOne› No.

I highly doubt this is related to this suggestion, but the other day I was playing and all of a sudden it switched to HTTPS for some odd reason in the middle of doing something. Then, for some reason, every time I refreshed the page/went to a new page, a pop up occured that asked me if I wanted to view all information on page or just the information that was secure, and it was very annoying having to click "yes" or "no" everytime. Again, doubt this is related, and it went away when I exited the site and came back, but still something to consider.

Darwins_Bane wrote:Although I understand where you're coming from, this is a gaming website, there is little to no likelyhood that someone is going to try to steal your password to it. There just really isn't any point. On the point of transactions on the website, you will notice that when you try and pay, it redirects to https for security reasons during the transaction.

Actually there is another issue involved. i am currently working in an environment that does not allow me to game on cc during my break. I can only acces the forums because i add the s to http manually. It does work, but i cannot play my games that way unless i can play them in https. it gets blocked by the firewall.

The reason secure isn't used on all pages. Its slower than regular http. If you would like to use it. Simply go to https://conquerclub.com/ and browse around. Also, as someone said before, some elements, such as the static images, xml files, style sheets and such; would make no sense as they never change.

Regardless of my rant. Login on https = not a horrible idea. Whole site on https = redundant.

blakebowling wrote:The reason secure isn't used on all pages. Its slower than regular http. If you would like to use it. Simply go to https://conquerclub.com/ and browse around. Also, as someone said before, some elements, such as the static images, xml files, style sheets and such; would make no sense as they never change.

Regardless of my rant. Login on https = not a horrible idea. Whole site on https = redundant.

well actually you say that its a gamine website noone will do it.... ummm yah how bout this there arte hackers that hackj games just to f*ck around with people..... mafia (mmropg) games get hacked all the time, I am preaty sure that this site is probley realy extreamlyeasy to hack

basic_man2010_20 wrote:well actually you say that its a gamine website noone will do it.... ummm yah how bout this there arte hackers that hackj games just to f*ck around with people..... mafia (mmropg) games get hacked all the time, I am preaty sure that this site is probley realy extreamlyeasy to hack

basic_man2010_20 wrote:well actually you say that its a gamine website noone will do it.... ummm yah how bout this there arte hackers that hackj games just to f*ck around with people..... mafia (mmropg) games get hacked all the time, I am preaty sure that this site is probley realy extreamlyeasy to hack

If I could read this, I might just have something to say about it.

hey now...that's not very polite. Did you consider english might not be his primary language?

"Well actually you saying that this is a gaming website thus nobody will attack it...umm..yeah...how about there are hackers that attack games just to f*ck with people...mafia (mmporg) gaming websites get hacked all the time. I am pretty sure that this site is easy to hack."

InsomniaRed wrote:And yes to the login being changed to HTTPS, but not the whole site.

I agree...there is no reason to encrypt the entire site. But you know..it does work just fine. I've been using HTTPS ever since I posted this...and since it doesn't redirect me back to HTTP...I browse the entire site in HTTPS...take my turns in HTTPS....post to the forum in HTTPS. I'm posting this via HTTPS. Go encryption!

Can we try and get this deployed? It's really easy and would be helpful, even if everybody doesn't understand why or agree. There really isn't a single downside to deploying this....only positives....

Lies.

HTTPS is SLOWER than HTTP

True. It has a little bit of extra information to include the security portion. How long does login take? a second? So if it takes 1.1 seconds with encryption?

It is also completely pointless. Every good web developer should know that forcing protocols is never good.

Did you just say encryption is completely pointless?

You know what...I don't give a shit anymore. You don't like my good idea...I no longer care. I use HTTPS for all my CC interaction. I use it to login, play my games...I use it to browse the forum, I use it to chat. I'm secure. I haven't noticed any difference in speed. I no longer care if the rest of you are or not. If somebody figures out how to steal lacks insecure password and thrash the server...I'll just laugh and point to this thread and say "I told you so".

Darwins_Bane wrote:Although I understand where you're coming from, this is a gaming website, there is little to no likelyhood that someone is going to try to steal your password to it.

*cough* right, that's why there have been so many issues with hackers and imposters, like the one that resulted in respectable folks like sam-c812 being reported for cheating... a hacker had taken over another player's logon, set up some speed games to lose them deliberately... anyone remember that from a month or so ago?

There have been other incidents where someone hacked an id. https would help prevent those situations.

you're misunderstanding the difference between the two, or how the security works.

HTTP, and HTTPS are essentially the same protocol, with the exception of the SSL key in HTTPS. However, the only way for someone to get the information, is for them to take over a router in the path of where you are going. The easiest of those routers to take over would be (in 99% of cases) the one located at your OWN house. If someone were to re-route the flow of packets through another computer, which they proceeded to analyze and determine the value of the field "password" sent to the conquerclub.com login script, then they would have your password. However this is not the way most "hackings" take place.

The majority of the time, the password is obtained from another website which you use the same password for. Essentially, your password is associated with your username, or your email address in their database. Or, even easier than that; the person got the password from you.

basic_man2010_20 wrote:well actually you say that its a gamine website noone will do it.... ummm yah how bout this there arte hackers that hackj games just to f*ck around with people..... mafia (mmropg) games get hacked all the time, I am preaty sure that this site is probley realy extreamlyeasy to hack

If I could read this, I might just have something to say about it.

hey now...that's not very polite. Did you consider english might not be his primary language?

"Well actually you saying that this is a gaming website thus nobody will attack it...umm..yeah...how about there are hackers that attack games just to f*ck with people...mafia (mmporg) gaming websites get hacked all the time. I am pretty sure that this site is easy to hack."

well English is my primary language but i suck at typing as i don't pay much attention to the online grammar and crap like that. so tell me dose the site allow for .swf ANYWHERE on the site? if so it can eaisley be hacked. All you have to do is put a shell into the .swf file upload it to the site and you have access to the cpanel (if the site runs on a cpanel) or even the database. they get access to the database they have access to our e-mail password and all that they can easily then go and pretend to be us or even worse pull a herk and hack a persons account of witch they don't like and make a bunch of games and point dump and get the person banned.

basic_man2010_20 wrote:well actually you say that its a gamine website noone will do it.... ummm yah how bout this there arte hackers that hackj games just to f*ck around with people..... mafia (mmropg) games get hacked all the time, I am preaty sure that this site is probley realy extreamlyeasy to hack

If I could read this, I might just have something to say about it.

hey now...that's not very polite. Did you consider english might not be his primary language?

"Well actually you saying that this is a gaming website thus nobody will attack it...umm..yeah...how about there are hackers that attack games just to f*ck with people...mafia (mmporg) gaming websites get hacked all the time. I am pretty sure that this site is easy to hack."

well English is my primary language but i suck at typing as i don't pay much attention to the online grammar and crap like that. so tell me dose the site allow for .swf ANYWHERE on the site? if so it can eaisley be hacked. All you have to do is put a shell into the .swf file upload it to the site and you have access to the cpanel (if the site runs on a cpanel) or even the database. they get access to the database they have access to our e-mail password and all that they can easily then go and pretend to be us or even worse pull a herk and hack a persons account of witch they don't like and make a bunch of games and point dump and get the person banned.

Most web developers know of the SWF vulnerabilities. And No, SWF can't be used on the site (at least by regular users, Admins and the entertainment team MAY have access to it).